Skip navigation.

binBLAST release

This is something that I've ignored for entirely too long, so I finally just did it instead of trying to pretty up the release.

binBLAST is now available via google code (not SourceForge):
binBLAST source code

This is everything that was presented at DefCon.

Tool internals


I downloaded the binary (bincompare.exe) and modified 4 bytes of notepad.exe. Then I ran:

bincompare notepad.exe notepad1.exe

where notepad.exe is the original binary and notepad1.exe the 4-bytes modified file.

bincompare showed a column with numbers separated by comma. And when it finished it wrote on screen the needed time for comparision. Nothing else.

No report file was generated.

Could you explain how this tool works, please?

Tool is a collection of programs that need to be chained

The tool is actually a series of posix-style programs, expecting some value on standard input and producing values on standard output. This allows for very fine-grained control of the analysis.

bincompare (made from bincompare.c) is only performs comparisons and produces the matching strings. As presented at defcon, it's very noisy and generally needs to be pared down by some other utility. A binary version of it was included for reference.

Included in the source is a cgi script that allows a web interface to building a library of disassembly and performing comparison. When working with massive numbers of samples, it didn't make much sense. However, it is beneficial for small comparisons and seeing how the pieces fit together

There is still quite a bit of work to be done. For example, the makefile and programs are dominantly linux-centric in how they handle paths. The fastest way to get this working in Windows would be to use something like cygwin. Another thing that is lacking is a formal README/walk-through as you have highlighted.

The use of google code allows the submission of 'issues' with the project. I have just entered an issue to improve the documentation to have a README. Perhaps a tutorial will be of benefit.

I remember you, VirusBuster, had some frustration with my release time frame the last go around. I can understand this frustration if this were a well-defined, product that was for sale. However, these tools are still not my full-time job -- just something that I thoroughly enjoy. I ask only for your patience.

"BinBLAST Pre-Alpha

"BinBLAST Pre-Alpha Release
Submitted by hllywood on Mon, 2006-09-11 03:27"

In that post from 2006 nothing was attached.

It´s kinda funny you ask for patience. ;-)

Yeah, yeah... iI know it´s not your full-time job, but almost 3 years... come on. :-P